On Mon, Oct 3, 2011 at 4:18 PM, Oscar Koeroo <okoe...@nikhef.nl> wrote: > Hi, > > This is a bit a licensing question. Might not be the most popular topic, but > I'll give it a shot. > > Currently the recent Fedora Core's and Red Hat Enterprise 6 force libnss-ssl > on the software. Even libcurl is not made available in various SSL flavors, > like on other platforms, e.g. Debian and OpenSuse have a preference, but > offer alternative builds.
For more background, folks should see http://fedoraproject.org/wiki/FedoraCryptoConsolidation and http://fedoraproject.org/wiki/CryptoConsolidationEval > I wondered if libevent would suffer similar restrictions or pushes from Red > Hat to use libnss in favor of OpenSSL to be adopted in the main repos. What > are your views and understandings in this regard? I've heard nothing from Fedora in this regard. I'd expect that most distributions would want to package libevent separately from the libevent_openssl: that's why they build separate libraries. I have not tested libevent_openssl with libssl-nss; it would be interesting to see how well it works. I'd expect that using sockets directly would work fine, but the filtering bufferevent support might need more work. > For our line of work we depend upon OpenSSL heavily, hence my inquiry about > the matter. We also extend OpenSSL in some places and for our specific use > cases. I also use OpenSSL a bunch, which is why Libevent currently does its SSL support via OpenSSL rather than NSS. I've got nothing against NSS, though: I'd like to write (or accept a patch for!) an NSPR-backed bufferevent implementation at some point. Libevent is in large part a portability library; it shouldn't force you to a particular crypto implementation. In fact, this is why Libevent's openssl library is called "libevent_openssl" rather then "libevent_ssl": to leave room for a future libevent_nss, libevent_gnutls, etc. I'm not sure how licensing comes into it on our end: Libevent is licensed under a 3-clause BSD license, which is compatible with nearly everything. (OpenSSL has a tricky license, inasmuch as its advertising clause renders it incompatible with an unamended GPL, but I don't believe that affects any libevent users who aren't using OpenSSL.) yrs, -- Nick *********************************************************************** To unsubscribe, send an e-mail to majord...@freehaven.net with unsubscribe libevent-users in the body.
